Twitter Account Hacks in India Investigated

The Twitter accounts of several celebrities and politicians in India were recently hacked, prompting the social media company on Tuesday to temporarily suspend the affected accounts, according to news reports.

One of the messages posted on an affected account read, "Your account has been hacked by Turkish cyber army 'Ayyildiz Tim'. Your DM correspondence and important data have been captured. I Love Pakistan."

Twitter said in a post: "Our teams are working to resolve an issue affecting a small number of Indian users. We will notify affected account holders directly. Reminder: do not click on links in DMs coming from unknown accounts."

Last month, the Twitter account of Rahul Gandhi who is the leader of Congress Party in India was hacked.

Fingers were pointed at the ruling government. Delhi Police's cyber cell filed first information report, or FIR, after a complaint was lodged. But so far, the culprit hasn't been nabbed.

Cyber police tells Information Security Media Group that it has been a challenge to resolve Twitter hacking cases. "It's a huge task to track cyberattacks by foreign criminals. There are multiple procedures involved, which take time," says Muktesh Chander, Directorate General, Goa Police.

Hacked twitter account of Kiran Bedi

Déjà vu?

At that time, hackers gained unauthorized access to information on the website of the Ministry of Home Affairs, prompting authorities to temporarily block it. Authorities suspected that the hackers were associated with Inter-Services Intelligence of Pakistan. And law enforcement agencies suspect a Pakistan connection to the latest Twitter account attacks.

Investigation Challenges

One of the challenges involved in cracking down on hacking cases involving social media accounts is that the servers are usually located outside of India, making it more difficult for local law enforcement agencies to track the IP addresses.

"It's a challenge to track down the right IP address as criminals use a virtual private network," says Balsing Rajput, superintendent of police, cyber division, Maharashtra State Police. "Moreover, if the address is located outside of India the procedure involved is lengthy. In such cases we have to take the help of CBI which itself taken three months or so."

Another challenge with nabbing foreign hackers is the uncertainty over which Indian laws apply.

"There is no unified law globally to tackle cyber crime. The law which is applicable in India is often not applicable on a foreign land," says Na. Vijayashankar, a cyber law expert. And gathering of evidence from other countries is difficult in the absence of a bilateral agreement.

Moreover, by the time police investigate the case and get the required approvals from the government to nab criminals from a foreign land, it may be too late to take action. "It usually takes a long time to get approvals. Usually by then the records gets tampered or removed," says Triveni Singh, additional superintendent of police cybercrime, Uttar Pradesh Police. "People tend to forget and we also get involved in more important cases. Rarely do these cases see a full closure."

Grievance Handling Mechanism

Security practitioners and investigative agencies see the need to improve incident investigation and grievance handling mechanisms.

"The Ministry of Home Affairs is aware that we need to step up in our effort to counter and block hackers. It is conducting various workshops to improve and train police personnel," Singh says, adding that it will take time for things to change.

The ministry recently created two new divisions - Counter Terrorism and Counter Radicalization Division and the Cyber and Information Security Division - to give focused attention to issues relating to terrorism, counter radicalization, cybersecurity, cybercrime and information security. The Cyber and Information Security division monitors online crimes and threats, including cyber fraud and hacking, and suggests ways to minimize and fight them. That unit is developing a curriculum for law enforcement to help them tackle situations like hacking and online fraud more efficiently, Singh says.

Some security experts argue that India needs a national cybersecurity operations center to monitor cyber threats.

"The data protection and privacy law in India will soon come up with a data localization policy," Rajput says. "This will force companies like Twitter, Facebook and others to store local data in India. However, the problem of nabbing foreign hackers will remain unless internationally we don't come up with a data sharing mechanism."

About the Author

Suparna Goswami is principal correspondent at ISMG Asia and has more than 10 years of experience in the field of journalism. She has covered a variety of beats ranging from global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine, and leading Indian newspapers like DNA and Times of India.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.